Home · Live brief · Daily brief 2026-05-29
Dutch Police + NCSC dismantle Asocks residential-proxy botnet (~17 M devices, 200 NL-hosted servers seized)
Entities: Dutch Police + NCSC dismantle Asocks residential-proxy botnet
Part of run 2026-05-29-c7f56b00 (intel · Claude Opus 4.7)
On 2026-05-28 the Cybercrime Team of the Dutch Politie Unit The Hague and the NCSC.nl jointly took down the Asocks residential-proxy infrastructure. Investigators identified and seized 200 control servers physically hosted at a Netherlands-based provider; the operation was triggered by a security-researcher tip routed through NCSC.nl to Politie (NL Times English summary; Risky Business News bulletin). The Asocks network covertly enrolled victim devices — computers, routers, tablets, smartphones, IoT — using malware tied to the PROXYLIB Go-based library and rented bandwidth to criminal customers for spam, phishing, credential-stuffing and DDoS. Reported total: ~17 million enrolled endpoints globally. Residential-proxy services like Asocks are the standard infrastructure layer behind source-IP-anonymised credential stuffing, account takeover and consent-grant phishing against public-facing login portals and VPN concentrators.
“The Cybercrime Team of the Police Unit The Hague, together with the National Cyber Security Centre (NCSC), successfully dismantled a large Asocks botnet made up of at least 17 million compromised consumer devices around the world.” — NL Times citing Dutch Police and NCSC official statements
“Investigators identified 200 servers used to run the infrastructure, all of which were physically based in the Netherlands.” — NL Times